PramaanDPDP Live
Log inGet Verified
explainerPlain-English explainerDPDP-awareNot legal advice

What is DPDP, in 300 words

India's Digital Personal Data Protection Act, explained for verification workflows without pretending to be legal advice.

PRAMAAN Editorial Team5 min read

Key takeaways

  • DPDP is about personal data, purpose, consent, rights, and accountability.
  • Verification products show the purpose before checks run.
  • Businesses need usable consent, rights, retention, grievance, and audit workflows.
  • Do not treat this article as legal advice or an official government interpretation.

Source and compliance note

Source review recommended before adding statutory section numbers, in-force dates, rule references, or official interpretation.

This article is for general information and is not legal advice.

300-word summary

DPDP is India's personal data protection law. For verification workflows, the practical idea is simple: if you collect or process personal data, explain the purpose, collect only what is needed, protect it, allow rights requests, and avoid using the data for unrelated reasons.

Consent matters because verification can affect real people: workers, candidates, residents, visitors, vendors, and households. A good product shows the person what is being requested before checks run. It keeps a record of consent, limits access to the result, and provides a route for correction, erasure, grievance, or other rights requests where applicable.

DPDP is more than a banner or checkbox. The hard part is operational: retention, audit logs, breach workflows, staff access, vendor contracts, and human support. PRAMAAN is designed around those product requirements, while this article remains general information rather than legal advice.

  1. State the purpose before collecting data.
  2. Ask for consent where the workflow requires it.
  3. Run only the selected checks.
  4. Use the data only for the stated purpose.
  5. Provide a rights and grievance path.

What businesses must build

  • Consent capture with purpose text.
  • Retention and deletion controls.
  • Access, correction, erasure, and grievance workflows.
  • Audit logs for who accessed what and why.
  • Vendor and processor review for sensitive workflows.

Read the privacy notice, use data subject rights, contact the grievance officer, and review how consent works.

Related

Continue the trust workflow

Related articles are selected from explicit article metadata first, then editorial fallback.

society/RWA6 min

Why your society's visitor log is a privacy risk

Paper visitor registers create privacy, access-control, retention, and DPDP exposure for housing societies and RWAs.

SocietyRWAVisitor log
Read article
guide8 min

How background verification actually works in India (2026)

A practical, India-first explainer for BGV workflows: request, consent, verification rails, review, and report.

BGVIndiaConsent
Read article
worker trust5 min

Why the worker badge belongs to the worker — not the platform

The product principle behind worker-owned trust: portability, consent, renewal, and dignity.

Worker badgePortabilityDignity
Read article
Next step

See PRAMAAN privacy and rights routes

Review the public trust, privacy, DSR, and grievance surfaces connected to consent-first verification.

Read PRAMAAN privacy noticeExercise DPDP rights